oci.Kms.GeneratedKey
This resource provides the Generated Key resource in Oracle Cloud Infrastructure Kms service.
Generates a key that you can use to encrypt or decrypt data.
Example Usage
using System.Collections.Generic;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
var testGeneratedKey = new Oci.Kms.GeneratedKey("testGeneratedKey", new()
{
CryptoEndpoint = @var.Generated_key_crypto_endpoint,
IncludePlaintextKey = @var.Generated_key_include_plaintext_key,
KeyId = oci_kms_key.Test_key.Id,
KeyShape = new Oci.Kms.Inputs.GeneratedKeyKeyShapeArgs
{
Algorithm = @var.Generated_key_key_shape_algorithm,
Length = @var.Generated_key_key_shape_length,
CurveId = oci_kms_curve.Test_curve.Id,
},
AssociatedData = @var.Generated_key_associated_data,
LoggingContext = @var.Generated_key_logging_context,
});
});
package main
import (
"github.com/pulumi/pulumi-oci/sdk/go/oci/Kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := Kms.NewGeneratedKey(ctx, "testGeneratedKey", &Kms.GeneratedKeyArgs{
CryptoEndpoint: pulumi.Any(_var.Generated_key_crypto_endpoint),
IncludePlaintextKey: pulumi.Any(_var.Generated_key_include_plaintext_key),
KeyId: pulumi.Any(oci_kms_key.Test_key.Id),
KeyShape: &kms.GeneratedKeyKeyShapeArgs{
Algorithm: pulumi.Any(_var.Generated_key_key_shape_algorithm),
Length: pulumi.Any(_var.Generated_key_key_shape_length),
CurveId: pulumi.Any(oci_kms_curve.Test_curve.Id),
},
AssociatedData: pulumi.Any(_var.Generated_key_associated_data),
LoggingContext: pulumi.Any(_var.Generated_key_logging_context),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Kms.GeneratedKey;
import com.pulumi.oci.Kms.GeneratedKeyArgs;
import com.pulumi.oci.Kms.inputs.GeneratedKeyKeyShapeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testGeneratedKey = new GeneratedKey("testGeneratedKey", GeneratedKeyArgs.builder()
.cryptoEndpoint(var_.generated_key_crypto_endpoint())
.includePlaintextKey(var_.generated_key_include_plaintext_key())
.keyId(oci_kms_key.test_key().id())
.keyShape(GeneratedKeyKeyShapeArgs.builder()
.algorithm(var_.generated_key_key_shape_algorithm())
.length(var_.generated_key_key_shape_length())
.curveId(oci_kms_curve.test_curve().id())
.build())
.associatedData(var_.generated_key_associated_data())
.loggingContext(var_.generated_key_logging_context())
.build());
}
}
import pulumi
import pulumi_oci as oci
test_generated_key = oci.kms.GeneratedKey("testGeneratedKey",
crypto_endpoint=var["generated_key_crypto_endpoint"],
include_plaintext_key=var["generated_key_include_plaintext_key"],
key_id=oci_kms_key["test_key"]["id"],
key_shape=oci.kms.GeneratedKeyKeyShapeArgs(
algorithm=var["generated_key_key_shape_algorithm"],
length=var["generated_key_key_shape_length"],
curve_id=oci_kms_curve["test_curve"]["id"],
),
associated_data=var["generated_key_associated_data"],
logging_context=var["generated_key_logging_context"])
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
const testGeneratedKey = new oci.kms.GeneratedKey("testGeneratedKey", {
cryptoEndpoint: _var.generated_key_crypto_endpoint,
includePlaintextKey: _var.generated_key_include_plaintext_key,
keyId: oci_kms_key.test_key.id,
keyShape: {
algorithm: _var.generated_key_key_shape_algorithm,
length: _var.generated_key_key_shape_length,
curveId: oci_kms_curve.test_curve.id,
},
associatedData: _var.generated_key_associated_data,
loggingContext: _var.generated_key_logging_context,
});
resources:
testGeneratedKey:
type: oci:Kms:GeneratedKey
properties:
#Required
cryptoEndpoint: ${var.generated_key_crypto_endpoint}
includePlaintextKey: ${var.generated_key_include_plaintext_key}
keyId: ${oci_kms_key.test_key.id}
keyShape:
algorithm: ${var.generated_key_key_shape_algorithm}
length: ${var.generated_key_key_shape_length}
curveId: ${oci_kms_curve.test_curve.id}
#Optional
associatedData: ${var.generated_key_associated_data}
loggingContext: ${var.generated_key_logging_context}
Create GeneratedKey Resource
new GeneratedKey(name: string, args: GeneratedKeyArgs, opts?: CustomResourceOptions);@overload
def GeneratedKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
associated_data: Optional[Mapping[str, Any]] = None,
crypto_endpoint: Optional[str] = None,
include_plaintext_key: Optional[bool] = None,
key_id: Optional[str] = None,
key_shape: Optional[_kms.GeneratedKeyKeyShapeArgs] = None,
logging_context: Optional[Mapping[str, Any]] = None)
@overload
def GeneratedKey(resource_name: str,
args: GeneratedKeyArgs,
opts: Optional[ResourceOptions] = None)func NewGeneratedKey(ctx *Context, name string, args GeneratedKeyArgs, opts ...ResourceOption) (*GeneratedKey, error)public GeneratedKey(string name, GeneratedKeyArgs args, CustomResourceOptions? opts = null)
public GeneratedKey(String name, GeneratedKeyArgs args)
public GeneratedKey(String name, GeneratedKeyArgs args, CustomResourceOptions options)
type: oci:Kms:GeneratedKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GeneratedKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GeneratedKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GeneratedKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GeneratedKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GeneratedKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
GeneratedKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The GeneratedKey resource accepts the following input properties:
- Crypto
Endpoint string The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- Include
Plaintext boolKey If true, the generated key is also returned unencrypted.
- Key
Id string The OCID of the master encryption key to encrypt the generated data encryption key with.
- Key
Shape GeneratedKey Key Shape Args The cryptographic properties of a key.
- Associated
Data Dictionary<string, object> Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- Logging
Context Dictionary<string, object> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
- Crypto
Endpoint string The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- Include
Plaintext boolKey If true, the generated key is also returned unencrypted.
- Key
Id string The OCID of the master encryption key to encrypt the generated data encryption key with.
- Key
Shape GeneratedKey Key Shape Args The cryptographic properties of a key.
- Associated
Data map[string]interface{} Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- Logging
Context map[string]interface{} Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
- crypto
Endpoint String The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext BooleanKey If true, the generated key is also returned unencrypted.
- key
Id String The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape GeneratedKey Key Shape Args The cryptographic properties of a key.
- associated
Data Map<String,Object> Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- logging
Context Map<String,Object> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
- crypto
Endpoint string The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext booleanKey If true, the generated key is also returned unencrypted.
- key
Id string The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape GeneratedKey Key Shape Args The cryptographic properties of a key.
- associated
Data {[key: string]: any} Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- logging
Context {[key: string]: any} Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
- crypto_
endpoint str The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include_
plaintext_ boolkey If true, the generated key is also returned unencrypted.
- key_
id str The OCID of the master encryption key to encrypt the generated data encryption key with.
- key_
shape GeneratedKey Key Shape Args The cryptographic properties of a key.
- associated_
data Mapping[str, Any] Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- logging_
context Mapping[str, Any] Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
- crypto
Endpoint String The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext BooleanKey If true, the generated key is also returned unencrypted.
- key
Id String The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape Property Map The cryptographic properties of a key.
- associated
Data Map<Any> Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- logging
Context Map<Any> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
Outputs
All input properties are implicitly available as output properties. Additionally, the GeneratedKey resource produces the following output properties:
- Ciphertext string
The encrypted data encryption key generated from a master encryption key.
- Id string
The provider-assigned unique ID for this managed resource.
- Plaintext string
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- Plaintext
Checksum string The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- Ciphertext string
The encrypted data encryption key generated from a master encryption key.
- Id string
The provider-assigned unique ID for this managed resource.
- Plaintext string
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- Plaintext
Checksum string The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- ciphertext String
The encrypted data encryption key generated from a master encryption key.
- id String
The provider-assigned unique ID for this managed resource.
- plaintext String
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- plaintext
Checksum String The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- ciphertext string
The encrypted data encryption key generated from a master encryption key.
- id string
The provider-assigned unique ID for this managed resource.
- plaintext string
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- plaintext
Checksum string The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- ciphertext str
The encrypted data encryption key generated from a master encryption key.
- id str
The provider-assigned unique ID for this managed resource.
- plaintext str
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- plaintext_
checksum str The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- ciphertext String
The encrypted data encryption key generated from a master encryption key.
- id String
The provider-assigned unique ID for this managed resource.
- plaintext String
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- plaintext
Checksum String The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
Look up Existing GeneratedKey Resource
Get an existing GeneratedKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GeneratedKeyState, opts?: CustomResourceOptions): GeneratedKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
associated_data: Optional[Mapping[str, Any]] = None,
ciphertext: Optional[str] = None,
crypto_endpoint: Optional[str] = None,
include_plaintext_key: Optional[bool] = None,
key_id: Optional[str] = None,
key_shape: Optional[_kms.GeneratedKeyKeyShapeArgs] = None,
logging_context: Optional[Mapping[str, Any]] = None,
plaintext: Optional[str] = None,
plaintext_checksum: Optional[str] = None) -> GeneratedKeyfunc GetGeneratedKey(ctx *Context, name string, id IDInput, state *GeneratedKeyState, opts ...ResourceOption) (*GeneratedKey, error)public static GeneratedKey Get(string name, Input<string> id, GeneratedKeyState? state, CustomResourceOptions? opts = null)public static GeneratedKey get(String name, Output<String> id, GeneratedKeyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Associated
Data Dictionary<string, object> Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- Ciphertext string
The encrypted data encryption key generated from a master encryption key.
- Crypto
Endpoint string The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- Include
Plaintext boolKey If true, the generated key is also returned unencrypted.
- Key
Id string The OCID of the master encryption key to encrypt the generated data encryption key with.
- Key
Shape GeneratedKey Key Shape Args The cryptographic properties of a key.
- Logging
Context Dictionary<string, object> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
- Plaintext string
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- Plaintext
Checksum string The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- Associated
Data map[string]interface{} Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- Ciphertext string
The encrypted data encryption key generated from a master encryption key.
- Crypto
Endpoint string The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- Include
Plaintext boolKey If true, the generated key is also returned unencrypted.
- Key
Id string The OCID of the master encryption key to encrypt the generated data encryption key with.
- Key
Shape GeneratedKey Key Shape Args The cryptographic properties of a key.
- Logging
Context map[string]interface{} Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
- Plaintext string
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- Plaintext
Checksum string The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- associated
Data Map<String,Object> Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- ciphertext String
The encrypted data encryption key generated from a master encryption key.
- crypto
Endpoint String The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext BooleanKey If true, the generated key is also returned unencrypted.
- key
Id String The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape GeneratedKey Key Shape Args The cryptographic properties of a key.
- logging
Context Map<String,Object> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
- plaintext String
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- plaintext
Checksum String The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- associated
Data {[key: string]: any} Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- ciphertext string
The encrypted data encryption key generated from a master encryption key.
- crypto
Endpoint string The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext booleanKey If true, the generated key is also returned unencrypted.
- key
Id string The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape GeneratedKey Key Shape Args The cryptographic properties of a key.
- logging
Context {[key: string]: any} Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
- plaintext string
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- plaintext
Checksum string The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- associated_
data Mapping[str, Any] Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- ciphertext str
The encrypted data encryption key generated from a master encryption key.
- crypto_
endpoint str The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include_
plaintext_ boolkey If true, the generated key is also returned unencrypted.
- key_
id str The OCID of the master encryption key to encrypt the generated data encryption key with.
- key_
shape GeneratedKey Key Shape Args The cryptographic properties of a key.
- logging_
context Mapping[str, Any] Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
- plaintext str
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- plaintext_
checksum str The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
- associated
Data Map<Any> Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters.
- ciphertext String
The encrypted data encryption key generated from a master encryption key.
- crypto
Endpoint String The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.
- include
Plaintext BooleanKey If true, the generated key is also returned unencrypted.
- key
Id String The OCID of the master encryption key to encrypt the generated data encryption key with.
- key
Shape Property Map The cryptographic properties of a key.
- logging
Context Map<Any> Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled.
- plaintext String
The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".- plaintext
Checksum String The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the
includePlaintextKeyparameter and sets its value to "true".
Supporting Types
GeneratedKeyKeyShape
Import
Import is not supported for this resource.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
ociTerraform Provider.